diff --git a/server.js b/server.js
index 010f2816b..1d6bd40fd 100644
--- a/server.js
+++ b/server.js
@@ -70,7 +70,9 @@ if (config.isDev) {
   delete cspDirectives.reportUri;
 }
 
-app.use(helmet.contentSecurityPolicy({ directives: cspDirectives, reportOnly: !config.isDev }));
+if (!config.isDev) {
+  app.use(helmet.contentSecurityPolicy({ directives: cspDirectives }));
+}
 
 // Static middleware
 if (config.isProd || process.env.DEV_USE_DIST === "yes") {